Attorney Docket: SVL920030052US1/2863P 

Amendments to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in the 
application. 

Listing of Claims: 

1 . (Currently Amended) A method for performing path-level access control evaluation for a 
structured document in a collection , wherein the structured document comprises a plurality of 
nodes and each of the plurality of nodes is described by a path, the method comprising the steps 
of: 

(a) providing a cach e for t e mporarily storing an access control statement in a cache 
entry for a path associated with a node of the plurality of nodes; 

(b) receiving a query, wherein the query comprises a request to access the node; 

(c) checking the cache entry for the path associated with the node; and 

(d) d e termining wh e ther to grant ing or denying access to the node based on the access 
control statement in the cache entry for the path associated with the node . 

2. (Currently Amended) The method of claim 1, wherein the cache e ntry access control 
statement is one of a grant statement , a deny statement , an unknown statement , and a 
data-dependent statement. 
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3. (Currently Amended) The method of claim 2, wherein determining step (d) further 
comprising comprises : 

(dl) granting access to the node if the cache entry is responsive to the access control 
statement being a grant statement. 

4. (Currently Amended) The method of claim 2, wherein determining step (d) further 
comprising comprises : 

(dl) denying access to the node if - tho - oacho entry is responsive to the access control 
statement being a deny statement. 

5. (Currently Amended) The method of claim 2, wherein determining step (d) further 
comprising comprises : 

(dl) evaluating an access control policy for th e structur e d document affecting the path 
if the cache entry is in response to the access control statement being an unknown statement; 

(d2) granting access if responsive to a result of the evaluation in stop (dl) grants 
granting access; and 

(d3) denying access if responsive to the result of the evaluation in step (dl ) d e ni es 
denying access. 

6. (Currently Amended) The method of claim 5, further comprising: 

(e) determining whether the access control policy affecting the path is 
data-dependent; 
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(f) changing the access control statement in the cache entry from the unknown 
statement to a grant statement or a deny statement based on the evaluation i n- atop (dl) if in 
response to the access control policy affecting th o path is not data d e pendent being 
data-independent ; and 

(g) changing the access control statement in the cache entry from the unknown 
statement to a data-dependent statement if in response to the access control policy affecting the 
path is being data-dependent. 

7. (Currently Amended) The method of claim 2, wherein dotermining step (d) further 
comprising comprises : 

(dl) evaluating an access control policy for th e - structured document affecting the path 
if th o cache entry is in response to the access control statement being a data-dependent statement; 



(62) granting access if responsive to a result of the evaluation in - step (dl) grants 

granting access; and 

(d3) denying access if responsive to the result of the evaluation in step (dl) denies 
denying access. 

8, (Currently Amended) The method of claim 1, further comprising: 

(e) repeating checking and det e rmining steps (c) and (d) for a next node in the 
plurality of nodes . 
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9. (Original) The method of claim 5, wherein evaluating step (dl) further comprises: 

(dli) evaluating a value expression for the path associated with the node, wherein the 
value expression is an executable statement based on the access control policy affecting the path 
and indicates who has access to the node. 

10. (Currently Amended) The method of claim [[9]] 1, wherein c h e eking- and determining 
steps (c) and (d) are performed during a run time run-time , 

11. (Currently Amended) A computer readable medium containing programming 
instructions a computer program for performing path-level access control evaluation for a 
structured document in a collection , wherein the structured document comprises a plurality of 
nodes and each of the plurality of nodes is described by a path, the computer program comprising 
programming instructions for: 

(a) providing a cach e for temporarily storing an access control statement in a cache 
entry for a path associated with a node of the plurality of nodes; 

(b) receiving a query, wherein the query comprises a request to access the node; 

(c) checking the cache entry for the path associated with the node; and 

(d) determining wh e tfa e r - t e granting or denying access to the node based on the access 
control statement in the cache entry for the path associated with the node . 

12. (Currently Amended) The computer readable medium of claim 11, wherein the eaehe 
entry access control statement is one of a grant statement , a deny statement , an unknown 
statement , and a data- dependent statement. 
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13. (Currently Amended) The computer readable medium of claim 12, wherein determining 
instruction (d) further comprising comprises : 

(dl) granting access to the node if th e cache entry is responsive to the access control 
statement being a grant statement. 

14. (Currently Amended) The computer readable medium of claim 12, wherein d etermining 
instruction (d) further comprising comprises : 

(dl) denying access to the node if the caoho o ntry io responsive to the access control 
statement being a deny statement. 

15. (Currently Amended) The computer readable medium of claim 12, wherein d e termining 
instruction (d) further comprising comprises : 

(dl) evaluating an access control policy for - th o structured document affecting the path 
if the cache - entry is in response to the access control statement being an unknown statement; 

(d2) granting access if responsive to a result of the evaluation in instruction (dl) grants 
granting access; and 

(d3) denying access if responsive to the result of the evaluation in instruction (dl) 
denies denying access. 

16. (Currently Amended) The computer readable medium of claim 15, furth e r comprioing 
wherein the computer program further comprises programming instructions for : 

(e) determining whether the access control policy affecting the path is 
data-dependent; 
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(f) changing the access control statement in the cache entry from the unknown 
statement to a grant statement or a deny statement based on the evaluation in instruction (dl) if in 
response to the access control policy aff e cting tho path is not data dependent being 
data-independent ; and 

(g) changing the access control statement in the cache entry from the unknown 
statement to a data- dependent statement if in response to the access control policy affecting the 
path is being data-dependent. 

17. (Currently Amended) The computer readable medium of claim 12, wherein d e termining 
instruction (d) further comprising comprises : 

(dl) evaluating an access control policy for the structured document affecting the path 
if the cach e entry is in response to the access control statement being a data-dependent statement; 

(d2) granting access if responsive to a result of the evaluation in instruction (dl) grants 
granting access; and 

(d3) denying access if responsive to the result of the evaluation in instruetion (dl) 
denies denying access, 

18. (Currently Amended) The computer readable medium of claim 11, further comprising 
wherein the computer program further comprises programming instructions for : 

(e) repeating checking and d e termining instructions (c) and (d) for a next node in the 
plurality of nodes . 
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19. (Original) The computer readable medium of claim 15, wherein evaluating instruction 
(dl) further comprises: 

(dli) evaluating a value expression for the path associated with the node, wherein the 
value expression is an executable statement based on the access control policy affecting the path 
and indicates who has access to the node. 

20. (Currently Amended) The computer readable medium of claim 49 IT, wherein ch e cking 
and determining instructions (c) and (d) are performed during a run time run-time . 

21. (Currently Amended) A method for performing path-level access control evaluation for a 
structured document in a collection , wherein the structured document comprises a plurality of 
nodes and each of the plurality of nodes is described by a path, the method comprising the steps 
of: 

(a) providing a cache for temporarily storing an access control statement in a cache 
entry for a path associated with a node of the plurality of nodes, wherein the e a e he - entry access 
control statement is one of a grant statement , a deny statement , an unknown statement , and a 
data-dependent statement; 

(b) receiving a query, wherein the query comprises a request to access the node; 

(c) checking the cache entry for the path associated with the node; 

(d) granting access to the node if th e cache e ntry is responsive to the access control 
statement being a grant statement; 

(e) denying access to the node if th e cache e ntry - is responsive to the access control 
statement being a deny statement; and 
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(f) determining acc e ss control if th o cache entry is evaluating a value expression for 
the path associated with the node to produce a result in response to the access control statement 
being an unknown statement or a data- dependent statement 

wherein the value expression is an executable statement based on an access control policy 
affecting the path and indicates who has access to the node . 

22. (Currently Amended) The method of claim 21, wherein the determining st o p (f) further 
comprising: 

(ft) evaluating-a ' value expression for the path assooiated - Av - ith -t ho node, wherein the 

valu e exprossion is an executabl e statement based on - an - a c c e ss control policy affecting the path 
and indicates who has access to th e nod e; 

(£2 g) granting or denying access to the node based on [[a]] the result of the evaluation 

(f4h) changing the access control statement in the cache entry from the unknown 
statement to a grant statement or a deny statement based on the result of the evaluation in step 
(fl) if in response to the access control policy affecting tho path is not data - d e pendent being 
data-independent ; and 

(£4 0 changing the access control statement in the cache entry from the unknown 
statement to a data-dependent statement if in responsive to the access control policy affecting the 
path is being data- dependent. 

23. (Currently Amended) The method of claim 22, further comprising: 

(g i) repeating steps (c) through (f i) for a next node in the plurality of nodes . 
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24. (Currently Amended) A computer readable medium containing programming 
instructions a computer program for performing path-level access control evaluation for a 
structured document in a collection , wherein the structured document comprises a plurality of 
nodes and each of the plurality of nodes is described by a path, the computer program comprising 
programming instructions for: 

(a) providing a cach e for-tomporarily storing an access control statement in a cache 
entry for a path associated with a node of the plurality of nodes, wherein the cache e ntry access 
control statement is one of a grant statement , a deny statement , an unknown statement , and a 
data-dependent statement; 

(b) receiving a query, wherein the query comprises a request to access the node; 

(c) checking the cache entry for the path associated with the node; 

(d) granting access to the node if the cache e ntry is responsive to the access control 
statement being a grant statement; 

(e) denying access to the node if th e cache entry is responsive to the access control 
statement being a deny statement; and 

(f) det e rmining aco o oo control if the cache e ntry is evaluating a value expression for 
the path associated with the node to produce a result in response to the access control statement 
being an unknown statement or a data-dependent statement^ 

wherein the value expression is an executable statement based on an access control policy 
affecting the path and indicates who has access to the node . 
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25. (Currently Amended) The computer readable medium of claim 24, wherein the 
det e rmining instruction (f) further comprising computer program further comprises programming 
instructions for : 

(ft) e valuating a value e x p r ession - for the path associated with th e nod e , wherein the 



and indicates who has acce s s - to the node ; 

(S g) granting or denying access to the node based on [[a]] the result of the evaluation 
in st e p (fl) ; 

(£3-h) changing the access control statement in the cache entry from the unknown 
statement to a grant statement or a deny statement based on the result of the evaluation in 
instruction (fl) if in response to the access control policy affecting the path is not data dependent 
being data-independent ; and 

(f4i) changing the access control statement in the cache entry from the unknown 
statement to a data-dependent statement if in response to the access control policy affecting the 
path is being data-dependent. 

26. (Currently Amended) The computer readable medium of claim 25, further - comprising 
wherein the computer program further comprises programming instructions for : 

(g j) repeating instructions (c) through (f i) for a next node in the plurality of nodes . 
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27. (Currently Amended) A system for performing path-level access control evaluation for a 
structured document in a collection , wherein the structured document comprises a plurality of 
nodes and each of the plurality of nodes is described by a path, the system comprising: 

a database management system in a computer ■ system for receiving operable to receive a 
query, wherein the query comprises a request to access a node of the plurality of nodes; and 

a cache in the comput e r -s ys te m coupled to the database management system^ fer- 
temporarily storing the cache being operable to store an access contr ol statement in a cache entry 
for a path associated with the node, 

wherein the database management system is configured further operable to check the 
cache entry for the path associated with the node and to determine whether to grant or deny 
access to the node based on the access control statement in the cache entry for the p ath associated 
with the node . 

28. (Currently Amended) The system of claim 27, wherein the cach e entry access control 
statement is one of a grant statement , a deny statement , an unknown statement , and a 
data-dependent statement. 

29. (Currently Amended) The system of claim 28, further comprising: 

an Access Control access control mechanism coupled to the database management 
system* for det e rmining the access control mechanism being operable to determine access control 
to the node if - th e - oaeh o-e ntiy -is responsive to the access control statement being an unknown 
statement or a data-dependent statement. 
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30. (Currently Amended) The system of claim 29, wherein the Acooog Control access control 
mechanism is configured further operable to generate a value expression for the path associated 
with the node a corresponding valuo o xproooion based on an access control policy for -- the 
structured docum e nt affecting the path, and wherein the database management system evaluates 
is further operable to evaluate the corr e sponding value expression for the path to determine 
whether to grant or deny access to the node. 

31. (Currently Amended) The system of claim 30, wherein the database management system 
is configured further operable to change the access control statement in the cache entry from an 
the unknown statement to a grant statement or a deny statement based on a result of the 
evaluation of the value expression if responsive to the value expression for the path is not data 
d e pendent being data-independent and to change the access control statement in the cache entry 
from an the unknown statement to a data-dependent statement if responsive to the value 
expression for the path is being data-dependent. 
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